package com.it.config;


import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;


@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .mvcMatchers("/login.html").permitAll()
                  .mvcMatchers("/brands").permitAll()//开启放行在之前
                .anyRequest().authenticated()   //除放行全拦截权限
                .and()
                .formLogin()//默认登录
                .loginPage("/login.html")//自定义登录界面
                .loginProcessingUrl("/doLogin")//指定处理登录请求url
//                .usernameParameter("")//改名
                .successForwardUrl("/brands")//请求成功跳转路径 forward
//                .defaultSuccessUrl() 默认跳转前后一体  redirect
                .successHandler(new MySuccess())//前后端分离，返回信息
//                .failureForwardUrl("/login.html")//认证失败跳转
//                .failureUrl("") 重定向
                .failureHandler(new MyFailure())//自定义失败
                .and()
                .logout()
                /*.logoutRequestMatcher(new OrRequestMatcher(
                        new AntPathRequestMatcher("/aa","GET"),
                        new AntPathRequestMatcher("/bb","POST")
                ))//多种请求*/
//                .logoutSuccessHandler()//自定义注销
//                .logoutUrl("/logout")//指定注销url
             /*   .invalidateHttpSession(true)//默认会话失效 GET
                .clearAuthentication(true)//清除认证标记 默认*/
//                .logoutSuccessUrl("/login.html")//注销登录跳转
                .and()
                .csrf().disable();//禁止 跨站请求保护

    }
}
